Description
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21337 Vulnerability (CVE-2022-21337)
WordPress Plugin The Events Calendar Cross-Site Scripting (3.0)
TYPO3 Improper Authentication Vulnerability (CVE-2009-3635)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)
WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)